s_client + PSK + pha

Dmitry Belyavsky beldmit at gmail.com
Sun May 12 19:25:54 UTC 2019


Hello

I see strange behavior of openssl s_client in case of post-handshake
authorization with PSK

command lines:
apps/openssl s_client -connect localhost:4433 -tls1_3 -4 -ciphersuites
TLS_AES_128_GCM_SHA256 -psk $PSK -enable_pha -cert cert.pem -key key.pem
-trace

apps/openssl s_server -accept 4433 -tls1_3 -4 -ciphersuites
TLS_AES_128_GCM_SHA256 -psk $PSK -nocert -no_dhe -allow_no_dhe_kex
-num_tickets 0 -Verify 3 -CAfile cert.pem -trace

I use self-signed certificates with 1.1.1b branch. when I interactively
request the post-handshake authentification, the client sends empty
certificate list.

When I use the following command lines, everything is OK:
apps/openssl s_client -connect localhost:4433 -tls1_2 -4 -ciphersuites
TLS_AES_128_GCM_SHA256 -cert cert.pem -key key.pem -trace -CAfile cert.pem

apps/openssl s_server -accept 4433 -tls1_2 -4 -ciphersuites
TLS_AES_128_GCM_SHA256
-Verify 3 -CAfile cert.pem -key key.pem -cert cert.pem -trace


-- 
SY, Dmitry Belyavsky
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20190512/2f1c4145/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: cert.pem
Type: application/x-x509-ca-cert
Size: 1294 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20190512/2f1c4145/attachment-0002.crt>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: key.pem
Type: application/x-x509-ca-cert
Size: 1708 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20190512/2f1c4145/attachment-0003.crt>


More information about the openssl-users mailing list